How large is the cybersecurity workforce gap today?

New research from the non-profit organisation (ISC)² reveals a lack of talent in cybersecurity

6th February 2019

A new report from (ISC)² indicates that the global shortage of cybersecurity professionals is approximately 3 million. Overall, the Asia-Pacific region is facing the largest talent shortfall with a workforce gap of 2.15 million.

Assessing the gap

In order to calculate this figure, (ISC)² took into account the percentage of organisations with open positions and the estimated growth of variously sized companies. The calculation also includes estimates for academic and nonacademic entrants into the field, along with existing professionals who are “pivoting to cybersecurity specialties.”

The growing economies in Asia-Pacific are reportedly contributing to the region’s lack of cybersecurity professionals. The implementation of new data privacy legislation is also a contributing factor.

Overall, 63% of respondents reported that their organisations had a shortage of dedicated cybersecurity staff. Moreover, 59% said that their enterprise is experiencing “extreme or moderate risk” due to a staff shortage.

A substantial number of organisations (48%) plan to hire more cybersecurity staff in the next year. However, 39% expect no change in staffing while 5% predict that their company will experience a reduction in cybersecurity staff.

Impact of a skills shortage

Above all, respondents ranked the cybersecurity workforce gap as their top concern. In fact, this surpassed “historically topmost responses” including the lack of an adequate budget, lack of time and lack of work-life balance.

A lack of skilled and experienced cybersecurity personnel was a top concern for 37% of the respondents. 29% said a lack of resources, 28% an inadequate budget for security initiatives, while 27% cited a distinct lack of time.

In effect, a deficiency of skilled cybersecurity employees affects existing staff and their job satisfaction. Therefore, by supporting a cybersecurity workforce “organisations can build more cyber resiliency across their operations” and improve overall employee satisfaction.

While cybersecurity is a priority for budgeting, most professionals feel that the allocation of funds may not be high enough. 60% of the respondents said security should be a “much or slightly higher priority.”

Nevertheless, over half of the companies surveyed intend to increase their cybersecurity budgets over the next year. As a result, 70% said that the new figure would therefore be sufficient.

Attempts to bridge the skills gap

Last week, the UK announced new funding to boost the total number and diversity of people working in cybersecurity. Four projects in the Cyber Skills Immediate Impact Fund will equally benefit from a total investment of at least £500,000.

“Organisations are struggling to recruit, train, and retain cybersecurity talent,” according to Immersive Labs. The Bristol-based tech startup has now raised $8 million in Series A funding to develop a continuous multi-platform that enables enterprises to develop their security skills online.